Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.9 views

CVE-2022-23505

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...

7.5CVSS7.3AI score0.00751EPSS
Exploits0References1
NVD
NVD
added 2022/12/13 8:15 a.m.44 views

CVE-2022-23505

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...

7.5CVSS0.00751EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/12/13 7:4 a.m.39 views

CVE-2022-23505 Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...

5.3CVSS7.9AI score0.00751EPSS
Exploits0References1
CVE
CVE
added 2022/12/13 7:4 a.m.71 views

CVE-2022-23505

Passport-wsfed-saml2 (Node.js Passport strategy) prior to 4.6.3 is vulnerable to authentication bypass: an attacker who possesses an arbitrary IDP-signed WSFed assertion may bypass WSFed authentication on websites using the library. Depending on the IDP, fully unauthenticated (no valid user) atta...

7.5CVSS6.4AI score0.00751EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder